Cisco patches IOS BGP vulnerability

Opinion
Jun 17, 2004 | 4 mins
Networking, Security

* Patches from NetGear, Trustix, IBM, others
* Details of the first cell phone worm emerge
* Wardriving for WLAN security and other interesting reading

Today’s bug patches and security alerts:

Cisco patches IOS BGP vulnerability

Cisco routers and switches running IOS with Border Gateway Protocol (BGP) enabled could be vulnerable to a denial-of-service attack. To exploit the vulnerability, an attacker would have to inject a malformed BGP packet that appears to be from a trusted peer, which limits the scope of the problem, according to Cisco. A patch is available:

https://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml

**********

Wireless routers birthing bugs aplenty

More scary, Version 1 of the NetGear WG602 suffers from an intentional backdoor, as noted in this BUGTRAQ post. Apparently one of NetGear’s partners programmed a universal remote access password into the device. ArsTechnica, 06/13/04.

https://arstechnica.com/news/posts/1087141484.html

NetGear patch:

https://kbserver.netgear.com/kb_web_files/n101383.asp

**********

Debian patches lha

Two flaws have been found in the lha package for Debian. First, a heap overflow could be exploited to run arbitrary code on the affected machine. Second, multiple directory traversal vulnerabilities could allow an attacker to create files on the affected system. For more, go to:

https://www.debian.org/security/2004/dsa-515

**********

SMC firmware upgrades available

SMC has released new firmware upgrades for its 7008ABRv2 and 7004VBRv1 routers that permanently close access to Port 1900 via the WAN connection. Download the updates:

7008ABRv2:

https://www.nwfusion.com/go2/0614bug2a.html

7004VBRv1:

https://www.nwfusion.com/go2/0614bug2b.html

**********

Trustix patches kernel

A bug in the Trustix Linux kernel may freeze a machine. A fix is available. For more, go to:

https://www.trustix.org/errata/2004/0034

**********

IBM patches acpRunner and eGatherer

Two ActiveX controls from IBM, acpRunner and eGatherer, which are used for support purposes, are “signed” by the company but could be used by others under the guise that they are being issued by Big Blue. For more, go to:

acpRunner:

https://www.nwfusion.com/go2/0614bug2c.html

eGatherer:

https://www.nwfusion.com/go2/0614bug2d.html

**********

Gentoo, OpenPKG release Apache update

A buffer overflow in the Apache mod_proxy (OpenPKG) and mod_ssl (Gentoo) modules could be exploited in a denial-of-service attack against the affected machine. For more, go to:

Gentoo:

https://forums.gentoo.org/viewtopic.php?t=183722

OpenPKG:

https://www.openpkg.org/security/OpenPKG-SA-2004.029-apache.txt

**********

Gentoo patches mailman

A bug in mailman could be exploited by an attacker to retrieve member passwords from the affected system. For more, go to:

https://forums.gentoo.org/viewtopic.php?t=183625

**********

Today’s roundup of virus alerts:

Details emerge of first cell phone worm

More details are emerging about what may be the first mobile phone worm. Kaspersky Labs, a Moscow anti-virus vendor, reported the find on Monday, and short news reports began appearing thereafter. Now, Network Associates’ McAfee division has posted a profile of the worm, dubbed Cabir (although the screen display is “Caribe”). Network World Fusion, 06/16/04.

https://www.nwfusion.com/news/2004/0616cabir.html?nl

W32/Zafi-B — A peer-to-peer worm that also uses e-mails written in foreign languages to spread. The virus uses random file names as attachments and culls various files on the local machine looking for e-mail addresses. (Sophos)

Troj/Sober-H — An e-mail worm that uses messages written in German to spread. It does not seem to cause any permanent damage. (Sophos)

W32/Spybot-CO — A worm that spreads via Kazaa and installs itself as “AUGMSG.EXE” in the Windows System folder. It logs keystrokes and may provide backdoor access via IRC. (Sophos)

W32/Rbot-AQ — This worm spreads via network shares, installing itself as “wtm32.exe” in the Windows System folder. Rbot-AQ may contain a number of components, including a keystroke logger, backdoor access via IRC, and the ability to launch denial-of-service attacks against remote sites. (Sophos)

W32/Rbot-AS — Very similar to Rbot-AQ above, this virus installs itself as “LSAS.EXE” in the Windows System folder. (Sophos)

W32/Agobot-WR — Another Agobot variant that spreads via network shares and offers backdoor access to the infected machine via IRC. It also tries to terminate security-related applications. (Sophos)

**********

From the interesting reading department:

Wardriving for WLAN security

The 4th Annual Worldwide Wardrive is underway this week, with volunteers scanning the airwaves in a neighborhood near you for WLAN access points. Network World Fusion, 06/16/04.

https://www.nwfusion.com/news/2004/0616wardrive.html?nl

Trend Micro sees future in anti-virus services

Trend Micro expects network anti-virus services to grow to make up a quarter of its revenue in three years as the threat posed by network worms such as Sasser continues to grow, according to the company’s CEO. IDG News Service, 06/14/04.

https://www.nwfusion.com/news/2004/0614trendmicro.html?nl